The Hacker’s Handbook
The Strategy behind Breaking into and Defending Networks

Susan Young and Dave Aitel

Auerbach Publications
A CRC Press Company
Boca Raton, London, New York, Washington, D.C.

© 2004 by CRC Press LLC
AU0888_C00.fm Page iv Wednesday, October 1, 2003 5:41 AM

Library of Congress Cataloging-in-Publication Data

Young, Susan (Susan Elizabeth), 1968–
The hacker’s handbook : the strategy behind breaking into and defending networks / Susan Young, Dave Aitel.
p. cm.
Includes bibliographical references and index.
ISBN 0-8493-0888-7 (alk. paper)
1. Computer networks—Security measures. 2. Computer networks—Access control. 3. Computer hackers. I. Aitel, Dave. II. Title.
TK5105.59.Y68 2003
005.8—dc22 2003055391 CIP

This book contains information obtained from authentic and highly regarded sources. Reprinted material is quoted with permission, and sources are indicated. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data and information, but the authors and the publisher cannot assume responsibility for the validity of all materials or for the consequences of their use.
Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming, and recording, or by any information storage or retrieval system, without prior permission in writing from the publisher.

All rights reserved. Authorization to photocopy items for internal or personal use, or the personal or internal use of specific clients, may be granted by CRC Press LLC, provided that $1.50 per page photocopied is paid directly to Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923 USA. The fee code for users of the Transactional Reporting Service is ISBN 0-8493-0888-7/04/$0.00+$1.50. The fee is subject to change without notice. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

The consent of CRC Press LLC does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific permission must be obtained in writing from CRC Press LLC for such copying.

Direct all inquiries to CRC Press LLC, 2000 N.W. Corporate Blvd., Boca Raton, Florida 33431.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation, without intent to infringe.

Visit the Auerbach Publications Web site at www.auerbach-publications.com

Auerbach is an imprint of CRC Press LLC
No claim to original U.S. Government works
International Standard Book Number 0-8493-0888-7
Library of Congress Card Number 2003055391
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
Printed on acid-free paper

Acknowledgments

Every book, as they say, has a story. This book’s history has been a long and varied one. Along the way, numerous individuals have contributed their time, focus, energy, technical acumen, or moral support to seeing The Hacker’s Handbook through to its conclusion.

The authors would like to thank the following individuals for their contributions and support:

• Rich O’Hanley and the production staff at Auerbach Press for their tireless support of this book, in spite of its long (and somewhat nefarious) history.
• Our contributing authors — Felix Lindner, Jim Barrett, Scott Brown, and John Zuena — for taking the time and care to write several excellent chapters on the hacking community, malware, directory services, and network hardware that contain some truly unique and interesting material.
• Our technical reviewers, including Jim Tiller, Anton Chuvakin, Sean Cemm, Ben Rothke, and Ted Shagory, for their insights and for dedicating their time and energy to helping to shape a better book. We are confident that this review process will continue as this text goes to publication, and want — in advance — to thank our readers and reviewers for their attention to the ongoing quality of this book.

In addition, Dave Aitel would like to thank Justine Bone for her support and encouragement, and Susan Young would like to thank the following individuals: the Darklord (Thomas McGinn) for keeping his personal commitment to support the effort that went into this book in spite of many months of spent deadlines, missed weekends, and fatigue (thanks, T2B); Trevor Young, for lending his genuine talent, enthusiasm, time, and care to crafting the illustrations throughout this book; Gemma Young, and her parents, Sylvia and Neil, for their interest, support, and advice through two years of long distance phone calls; and International Network Services (and particularly Steven Marandola, Bob Breingan, and Shaun Meaney) for making available time and support for the completion of this book.
Authors

Dave Aitel is the founder of Immunity, Inc. (www.immunitysec.com), with prior experience at both private industry security consulting companies and the National Security Agency. His tools, SPIKE and SPIKE Proxy, are widely regarded as the best black box application assessment tools available.

Susan Young has worked in the security field for the past seven years, four of which have been spent in the security consulting arena, helping clients design and implement secure networks, training on security technologies, and conducting security assessments and penetration tests of client system or network defenses (so-called ethical hacking). Her experience has included consulting work in the defense sector and the financial industry, as well as time spent evaluating and deconstructing various security products. She currently works as a senior security consultant in the Boston area security practice of International Network Services (INS).

Contributors

Jim Barrett (CISA, CISSP, MCSE, CCNP) is a principal consultant for the Boston office of International Network Services (INS). He currently serves as the national Microsoft practice leader for INS and has been working with Microsoft technologies for longer than he can remember. Prior to INS, Jim spent several years as a member of the information systems audit and security practice of Ernst & Young LLP, where he co-authored the firm’s audit methodology for Novell NetWare 4.1 and was an instructor at the Ernst & Young National Education Center. His areas of expertise include network operating systems and information systems security.

Scott Brown (CISSP, GCIA, GCIH) is a senior security consultant for International Network Services, with more than 13 years’ experience in the information technologies field. He is a Certified Information Systems Security Professional (CISSP), and holds both SANS GCIA and GCIH certifications. Scott is also a private pilot with a rating in single engine aircraft.

John Zuena (CISSP, CCNA, CCDA, NNCSE) is a senior consultant for International Network Services, with more than 14 years’ experience in the information technologies field. He is a Certified Information Systems Security Professional (CISSP) and holds both Cisco and Nortel internetworking certifications. He is also a private pilot with ratings in both single engine airplanes and helicopters.

Illustrator

Trevor Young has been drawing, painting, creating, and generally exercising his artistic imagination for a very long time. Young attended Camberwell College of Art in London, studying graphic design and illustration, and has gone on to a successful career in the film special effects industry in London, first working for the Film Factory and currently as a digital compositor for Hypnosis VFX Ltd. You will find him in the IMDb at http://us.imdb.com/Name?Young,+Trevor. He has continued to work in illustration from time to time and generously contributed his time to create a set of illustrations for this book that have become truly integral to the book and the subject matter.
List of Abbreviations

ACK - Acknowledge
ARIN - American Registry for Internet Numbers
ASCII - ASCII Character Set
ASN - Autonomous System Number
ASP - Active Server Pages or Application Service Provider
BSDI - Berkeley Software Design (BSD) Operating System, Internet Server Edition
CANVAS - Immunity Security’s CANVAS Vulnerability Scanner
CAST - Computer Aided Software Testing
CDE - Common Desktop Environment
CHAM - Common Hacking Attack Methods
CIFS - Common Internet File Sharing
CPAN - Comprehensive Perl Archive Network
CRC - Cyclic Redundancy Check
CVE - Common Vulnerabilities and Exposures (List)
CVS - Concurrent Versions System Source Code Control System
DDoS - Distributed Denial-of-Service
DID - Direct Inward Dialing
DIT - Directory Information Tree
DNS - Domain Name System
DNSSEC - Domain Name System Security
DoS - Denial-of-Service
DSA - Digital Signature Algorithm
EFS - Encrypting File System (Microsoft)
EIGRP - Enhanced Interior Gateway Routing Protocol
EIP - Extended Instruction Pointer
ESMTP - Extended Simple Mail Transfer (Protocol)
EVT - Event (Microsoft)
FIFO - First In First Out, an approach to handling queue or stack requests where the oldest requests are prioritized
FX - Handle for Felix Lindner
GCC - GNU C Compiler
GCIA - GIAC Certified Intrusion Analyst
GCIH - GIAC Certified Incident Handler